General
-
Target
5b3cb2aeecc1b03b7e66fe264cb3c8ecee455cdf848a81ded6410e7d7a159acd
-
Size
842KB
-
Sample
240525-pmd7bsbb92
-
MD5
108f13a6d63a28c9fe2cc5ef78f24a2f
-
SHA1
7a044dea4d8abd141384fa4ca86f308ba9158d8f
-
SHA256
5b3cb2aeecc1b03b7e66fe264cb3c8ecee455cdf848a81ded6410e7d7a159acd
-
SHA512
48e5570fb1b4832c398252862777f0230e6a97ac0733c91c399908d20d3a0d82064f1e1ba82f1436dcd40d33759ec0c5e0c0dc26e4d4df43b24cf4435552088a
-
SSDEEP
24576:jIRjCQiLuVC7RrxLQIiY+j1lLE18ROiYTeLgA:UIfaIdtLQIYZu18ROeLg
Malware Config
Extracted
smokeloader
pub4
Targets
-
-
Target
5b3cb2aeecc1b03b7e66fe264cb3c8ecee455cdf848a81ded6410e7d7a159acd
-
Size
842KB
-
MD5
108f13a6d63a28c9fe2cc5ef78f24a2f
-
SHA1
7a044dea4d8abd141384fa4ca86f308ba9158d8f
-
SHA256
5b3cb2aeecc1b03b7e66fe264cb3c8ecee455cdf848a81ded6410e7d7a159acd
-
SHA512
48e5570fb1b4832c398252862777f0230e6a97ac0733c91c399908d20d3a0d82064f1e1ba82f1436dcd40d33759ec0c5e0c0dc26e4d4df43b24cf4435552088a
-
SSDEEP
24576:jIRjCQiLuVC7RrxLQIiY+j1lLE18ROiYTeLgA:UIfaIdtLQIYZu18ROeLg
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-